Cost Of Cybercrime

By Mitz Pantic | Small Business

The personal cost of cybercrime can be quite high, but the total economic cost of cybercrime can be staggering. When cybercrime affects us personally, it can range from mere annoyance (“my computer is running slow”) to devastating (“I’ve lost all of my files and pictures from the last 10 years”). But combining together the misery suffered by everyone as a result of cybercrime—including the problems suffered by businesses—creates a huge economic loss for nations and the world in general.

The Cost Of Cybercrime Against Individuals

Despite alarmist news reports, cybercrime against individuals rarely involves money—at least not directly. Even if a cybercriminal manages to steal your U.S. credit card number, Federal law insists the credit card company can’t charge you more than $50 no matter how much the cybercriminal spends using your card. (Most reputable credit card companies in the U.S. take this a step further and eliminate all fraudulent charges from your bill at no cost to you.)

But what cybercriminals often do to individuals is steal parts of their computer—computer processing power, memory, and bandwidth—so that they can send spam, infect other computers, and attack corporate websites. These attacks slow down your computer and get you in trouble with your Internet Service Provider (ISP), making you less productive and wasting your time with malware removal software and explanatory phone calls to your ISP.

Cybercriminals can do even worse damage to individuals, as in the case of child pornographers who try to avoid the police by storing their illegal images on computers belonging to people like you. They break into your computer and use it to download these illegal images so that the police investigate you instead of them.

In addition to the direct damage cybercriminals do in their successful attacks against individuals, there is also the very high cost of blocking their attacks. Many of us pay for anti-virus software and firewalls to keep hackers out of our computers, and it costs even more to keep a business safe from hackers. That’s not money we want to spend—we spend it because we must. If the nearly 2 billion people online pay an average of just $10 USD per year on cybersecurity (some people obviously pay more and some people pay nothing), that’s over $20 billion U.S. dollars in cybersecurity—a huge part of the cost of cybercrime.

The Cost Of Cybercrime Against Businesses And Governments

Consumers have fairly strong financial protection from credit card fraud or PayPal fraud, but corporations and other large organizations don’t typically get the same guarantees. If you deal in thousands or millions of dollars a day, nobody wants to provide you outside fraud protection—so you have to provide it yourself. This creates an opportunity for clever hackers who can penetrate these large organizations and steal their money.

In addition, large organizations very often have a small number of competitors who may be willing to use cybercriminals to attack their competition. After all, if you really need to order your textbooks today and Amazon.com is offline, you will probably use Barnes & Noble. (Not that I suspect either Amazon or Barnes & Noble of illegal activity.)

Cybercriminals can also use large organizations the same way they use consumers but on a massively increased level. A system administrator I know who works for Google worries a lot about getting hacked, because if you hack him, you can get access to thousands of Google servers. Not only does the hacker get access to those thousands of servers, but he gets access to servers which most of the rest of the Internet trusts. If you hack Google’s email servers, you can send messages from Gmail which look legitimate to every other mail server on the Internet but which can now contain spam.

There’s also another type of cybercrime which few people talk about but which most experts think is the most damaging type of cybercrime to corporations—internal attacks. That’s when a legitimate employee or contractor abuses his or her access within the company to attack the company out of spite, revenge, or just to make money. Because these attackers have legitimate credentials, there’s a limit to what a company can do to protect itself from internal attackers.

Finally, there’s cybercrime against governments or against institutions which are critical to a nation. These alleged cybercrimes are usually perpetrated by one government against another by government hackers, so (in a sense) they aren’t actually cybercrime. (Sovereign nations each get to define what actions they think are crime, so if a nation hires a hacker, that hacker’s actions aren’t criminal within the nation which hired him any more than a soldier who kills enemy troops is a murderer.)

There are very few good statistics about government-against-government cybercrime, but the best guesses indicate that it causes several billion dollars of damage a year. Although many news stories in the U.S. focus on cybercrime against American institutions, it’s important to note that recently declassified documents from the Cold War show American hackers attacking Soviet institutions as far back as the 1970s. It’s likely that the U.S. and many other western nations still use hackers in a sort of economic warfare against countries they don’t like.

The Total Cost Of Cybercrime

Adding together the individual, corporate, and governmental cost of cybercrime, we get estimates between $10 billion and $500 billion of damage and associated costs a year. The majority of these costs probably occur in the corporate sector, but individuals and governments each also bear a large portion. Unfortunately, the range between 10 and 500 billion is very large and there are too many competing analyses to get a much more accurate number. However, I would guess that somewhere between $100 and $200 billion a year is the true cost of cybercrime.